
RE2019 repo


SUBMISSION 52

This repository contains the instrumentation of the controlled experiment that was conducted in the study "An Approach for Reviewing Security Related Aspects in Agile Requirements Specifications of Web Applications". You can access the following artifacts:

  • Characterization questionnaire: The overall goal of this questionnaire is to characterize the experience of the students. The answers were used to identify key characteristics of the participants in four knowledge areas: agile software development, requirements engineering, software security, and inspections.

  • Follow-up questionnaire: This questionnaire was based on TAM (the Technology Acceptance Model). We wanted to know whether the participants found the approach useful and easy to use. Additionally, we included some open-text questions to gather participant feedback about the difficulties, benefits, and disadvantages of using our approach.

  • Training: The training material focused on the OWASP security properties and high-level security requirements, and on the defect types. No specific training was provided on using the reading technique; therefore, the feasibility of using it without specific training was also indirectly evaluated.

  • Task description: This description explains the received material to the participants and asks them to conduct the review according to their treatment, filling out the defect reporting form. Both treatments received the same requirements specification. For one treatment, the reading technique was generated according to the user story description and its related OWASP high-level security requirements. For the other treatment, the list of OWASP security properties and their related high-level security requirements was provided together with the description of the defect types to be located.

  • Defect reporting form: This form was used by participants to record the start and end time of the inspection, as well as each defect by location, type, and description. The defect reporting form for the experimental group was the one generated for applying the reading technique.

The artifacts are organized into three phases, according to the phase in which each artifact is used:

  • Pre-experiment
  • Experiment
  • Post-experiment

In addition, this repository contains the results of the controlled experiment, so that they can be used in any validation procedure.

In order to make the experiment package, with all the instruments and the results, available, we followed open science policies, which are available on DOI